Python Forum
Oauth2.0 authorization (Flask, SQLAlchemy)
Thread Rating:
  • 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Oauth2.0 authorization (Flask, SQLAlchemy)
#1
Hello!

I have a repo on git hub, and I'm having issues with the authorization for the edit and delete methods.

While the above repo doesn't reflect the following, I have been fiddling with the following code to sort out the issue

#Edit a cuisine
@app.route('/cuisine/<int:id>/edit/', methods = ['GET', 'POST'])
def editCuisine(id):
  if 'username' not in login_session:
      return redirect('login')
  editedCuisine = session.query(Cuisine).filter_by(id = id).one()
  # Check if the logged in user is the owner of item
  creator = getUserInfo(editedCuisine.user_id)
  user = getUserInfo(login_session['user_id'])
  # If logged in user is not item owner redirect them
  if creator.id != login_session['user_id']:
      flash ("This is not yours to edit. This belongs to %s" % creator.name)
      return redirect(url_for('editCuisine'))
  # Method for posting
  if request.method == 'POST':
      if request.form['name']:
        editedCuisine.name = request.form['name']
      if request.form['description']:
        editedCuisine.description = request.form['description']
        flash('Cuisine Successfully Edited %s' % editedCuisine.name)
        return redirect(url_for('showCuisines'))
  else:
    return render_template('editCuisine.html', cuisine = editedCuisine)
When I try and edit and item, I get the following error:

Output:
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) no such column: cuisine.user_id [SQL: 'SELECT cuisine.id AS cuisine_id, cuisine.name AS cuisine_name, cuisine.description AS cuisine_description, cuisine.user_id AS cuisine_user_id \nFROM cuisine \nWHERE cuisine.id = ?'] [parameters: (2,)]
I'm at my whits end with this Wall , as it seems like such a simple fix. Any help would be appreciated Big Grin
Reply
#2
I don't understand the subject, or how this is related to OAuth. The error is saying the column doesn't exist. Sqlalchemy doesn't (I don't think) modify tables once they're created, so if you changed your models to add new columns, then that won't be represented by the database. I'd suggest rebuilding the database and seeing if the problem goes away.
Reply
#3
My apologies for not showing the database code, nor the global variables defining the Auth2.0 code.

I was hoping the title would get my foot in the door with someone whom was knowledgeable in auth2.0.

The code above shown shows:

1. An item to be edited (executed by SQLAlchemy on a one to one database relationship)
2. A login session ID, pulled from a local user token created.
3. If the edited item column; user id (which is the key stored from the login session user id) does not equal the login session user id return an error.

for reference I solved the problem by changing a little bit of the code, and defining it differently

WAS:
  creator = getUserInfo(editedCuisine.user_id)
  user = getUserInfo(login_session['user_id'])
  # If logged in user is not item owner redirect them
  if creator.id != login_session['user_id']:
      flash ("This is not yours to edit. This belongs to %s" % creator.name)
      return redirect(url_for('editCuisine'))
CHANGED TO:
 if editedCuisine.user_id != login_session['user_id']:
        return "<script>function myFunction() {alert('You are not authorized"\
         "to edit this item. Please create your own item in order to edit.');"\
"window.location = '/cuisines';}</script><body onload='myFunction()''>"
Thank you for the reply regardless Dance .
Reply


Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020